Internal Services Machines have always done a passive ("slow") trace. Very (very) few system have ever not done a trace. Any system that does an active ("fast") trace will also do a passive trace. The key has always been to delete your logs after every hack.

But I do delete my logs, I have internic as my first or second jump, and clear it out after each mission. I don't even lose admin password at the server I hack. I also make sure I clear the logs of the servers I am attacking. Did the difficulty get amp'd?

Well if you connect to a server, delete the log of you connecting, and then log off, it puts a log off log there, right? And you can't delete it because you're no longer connected to the server. So leave one connect-to log at the top of your list and you'll be fine.

I'm not sure that it does. Without looking at the code (and I can't be bothered now) I'm not sure that those logs matter. As long as you deleted the connection from 127.0.0.1 routed to ... log (ALWAYS using log deleter v.4 otherwise, it can be undeleted), you should be ok.